SANS – SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking™ 2021-12

Published on: 2024-12-18 20:49:02

Categories: 28

Description

SEC660: Advanced Penetration Testing Exploit Writing and Ethical Hacking. Designed for those who have completed SANS SEC560: Enterprise Penetration Testing or have prior experience in penetration testing. Students with the prerequisite knowledge to participate in this course will examine dozens of real-world attacks used by the most experienced penetration testers. The methodology of a specific attack is discussed, followed by exercises in a hands-on lab to solidify advanced concepts and facilitate immediate application of the techniques in the workplace. Each day of the course includes a two-hour afternoon boot camp to further master the techniques discussed. Examples of topics covered include attacks against Network Access Control (NAC) and Virtual Local Area Network (VLAN) manipulation, exploiting network devices, breaking out of Linux and Windows restricted environments, IPv6, Linux elevation of privilege and exploit writing, testing cryptographic implementations, fuzzing, defeating modern operating system controls such as Address Space Randomization (ASLR) and Data Execution Prevention (DEP), Reverse Engineering Programming (ROP), writing Windows exploits, and much more!

What you will learn:

Securely perform penetration testing against network devices such as routers, switches, and NAC implementations.
Testing cryptographic implementations.
Help your organization avoid identity proliferation and technical debt through decentralization.
Using an unauthorized database to exploit after infiltration and increase access levels.
Network fuzzing and stand-alone applications.
Writing exploits against applications running on Linux and Windows systems.
Bypassing threat mitigation measures such as ASLR, DEP, and stack guards.

This course is suitable for people who:

Need to perform penetration testing securely against network devices such as routers, switches, and NAC implementations.
Need to test cryptographic implementations.
Need help in their organization to prevent identity and technical debt from spreading through decentralization.
They need to use an unauthorized database to exploit after infiltration and increase access levels.
They require network fuzzing and standalone applications.
They need to write exploits against applications running on Linux and Windows systems.
Need to bypass threat mitigation measures such as ASLR, DEP, and stack guards.